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DETAILED ACTION 

1 . This office action is in response to the reply filed on 1 0/29/2009. 

2. Claims 1-2, 4-21 and 23-39 are pending in the application and have been examined. 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written tlcsci ipUt)n tjl'thc invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

4. Claims 1-2, 4-21 and 23-39 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to reasonably convey to one skilled in the 
relevant art that the inventor(s), at the time the application was filed, had possession of the 
claimed invention. Claims 1 and 20 recite the limitation "said condition consisting of a 
respective one of. . ." The examiner can find no support for this limitation, in the context in 
which it is claimed, in the original teachings of the application. The dependent claims also 
include this subject matter and therefore also fail to meet the requirements of 35 U.S.C. 1 12, first 
paragraph. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
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having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1-2, 4-8, 11-18, 20-21, 23-36 and 38-39 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Alverson's background (U.S. Patent No. 7,020,767) in view of Angelo 
(U.S. Patent No. 6,581,162). 

7. Regarding claim 1 , Alverson discloses a system with multiple domains. 

Alverson also discloses a protection requirement for the domains, but fails to disclose 
particular information about monitoring. 

Angelo discloses a monitoring fimction within a processing system (col 7 line 40 to col 8 
line 15). 

Alverson, at the time of the invention, would have been motivated to use SMM and SMI 
in computer security memory management to protect against malicious software and viruses, 
thereby improving computer security memory management. Furthermore, Alverson has shown 
an expressed desire for multiple levels of protection that is domain specific (col 2 line 56-57). 

It would have been obvious at the time of the invention for one of ordinary skill in the art 
to take the system of Alverson and incorporate the SMM and SMI security of Angelo. The 
combination would be as follows: 

Alverson/Angelo discloses a method of controlling a monitoring fiinction of a processor 
(Angelo col 7 line 40 to col 8 lines 15), 

said processor being operable in at least two domains (col 1 lines 30-33), comprising a 
first domain and a second domain, said first and second domains each comprising at least one 
mode (col 7 line 61 to col 8 line 4), said method comprising the steps of: 
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controUably monitoring (col 7 line 56-58) said processor operating in each of said at least 
two domains (col 1 lines 30-33 and col 2 lines 56-57 — Note that the citations indicate that 
Alverson desired a level of security that can vary in each domain), 

setting at least one control value, said at least one control value to an enable value [col 7 
lines 56-58], said at least one control value relating to a condition, said condition consisting of a 
respective one of a domain or mode that said processor is operating in or to a type of said 
monitoring function, said control value being set to be an enable value for said related condition 
to indicate that said monitoring function is allowable in said first domain (Angelo col 7 line 61 to 
col 8 line 4); and only allowing initiation of said monitoring function in said first domain when 
said condition is present if its related control value indicates that said monitoring function is 
allowable; and not allowing initiation of said monitoring function in said first domain when said 
condition is present and its related control value indicates that said monitoring function is not 
allowable (col 7 line 61 to col 8 line 4). 

8. Regarding claim 2, Alverson/Angelo discloses the method according to claim 1, wherein 
said first domain is a secure domain and said second domain is a non-secure domain (Angelo col 
8 line 4), said processor being operable such that when executing a program in a secure mode 

within said secure domain said program has access to secure data which is not accessible when 
said processor is operating in a non-secure mode within said non-secure domain (Angelo col 8 
line 11-15). 

Note that a domain is considered to be in a secure mode when the SMI handler is 
running. At this point, it is a "secure domain ". Otherwise, it is non-secure. 
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9. Regarding claim 4, Alverson/Angelo discloses the method according to claim 3, wherein 
said condition comprises a secure domain and said control value comprises a secure domain 
enable value, initiation of monitoring in said secure domain only being allowed if said secure 
domain enable value is set (Angelo col 7 line 61 to col 8 line 4). 

10. Regarding claim 5, Alverson/Angelo discloses the method according to claim 3, wherein 
said secure domain includes a secure user mode and said condition comprises a secure user mode 
(Angelo col 8 line 1). 

Note that the handler routine is considered to be the "secure user mode " 

1 1 . Regarding claim 6, Alverson/Angelo discloses the method according to claim 5 wherein 
said control value comprises a secure user mode enable bit (col 7 line 56-57) and initiation of 
monitoring from secure user mode is only allowed if said secure user mode enable bit has been 
set (Angelo col 7 line 61 to col 8 line 4). 

12. Regarding claim 7, Alverson/Angelo discloses the method according to claim 4, wherein 
said condition comprises a type of monitoring fimction (Angelo col 8 line 1-4). 

13. Regarding claim 8, Alverson/Angelo discloses the method according to claim 7, wherein 
said condition comprises a debug monitoring function and said control value comprises a debug 
enable bit, initiation of debug in said first domain only being allowable if said debug enable bit 
has been set (Angelo col 8 line 8-11). 

Note that the monitoring function is considered to be a debug monitoring function. 

14. Regarding claim 11, Alverson/Angelo discloses the method according to claim 1, said 
method comprising setting a plurality of control values, each of said plurality of control values 
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relating to a different condition; and only allowing initiation of said monitoring function in said 
first domain if any of said conditions are present if each of said control values related to a 
condition that is present indicate that said monitoring function is allowable (Angelo col 7 line 61 
to col 8 line 11). 

Note that the plurality of control values includes the SMI interrupt and the SMI ACT 

signal. 

15. Regarding claim 12, Alverson/Angelo discloses the method according to claim 1, said 
method further comprising said steps of: setting a control indicator, said control indicator 
indicating that monitoring is only allowable for specified applications; and prior to initialising 
said monitoring function checking an application identifier; and only allowing initiation of said 
monitoring function if said application currently running is one for which monitoring is 
allowable. 

Note that Alverson/Angelo, as previously combined, does not necessarily disclose the 
limitations above. As originally combined, the SMI handler routine is domain specific; however, 
it would further be obvious to make these routines stream (or application) specific. 

Alverson would have been motivated to utilize this technique since the invention is 
initially concerned with stream specific privileges (Alverson col 2 lines 56-57). 

16. Regarding claim 13, Alverson/Angelo discloses the method according to claim 12, 
wherein the step of setting a control indicator comprises setting a control indicator stored in a 
predetermined position in a storage element. 

Note that the use of a particular interrupt or signal suggests that it is held in a common 
register that is considered to be "a predetermined position in a storage element". More 
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generally, in order for the signal to have the necessary effects, its position must be 
predetermined; otherwise, the processor would not know what the signal is attempting to signify. 

17. Regarding claim 14, Alverson/Angelo discloses the method according to claim 12, 
wherein said monitoring function comprises monitoring said processor and capturing diagnostic 
data (Angelo col 7 line 64 to col 8 line 4), said method comprising the further step of: following 
initiation of said monitoring function only allowing capturing of diagnostic data in said first 
domain while an application running on said processor is one for which monitoring is allowable 
(see claim 12). 

18. Regarding claim 15, Alverson/Angelo discloses the method according to claim 1, 
wherein said monitoring function comprises monitoring said processor and capturing diagnostic 
data (Angelo col 7 line 64 to col 8 line 4), said method comprising the further step of: following 
initiation of said monitoring function only allowing capturing of diagnostic data in said first 
domain when a condition changes if a control value related to the changed condition indicates 
that said monitoring function is allowable (Angelo col 8 line 8-1 1). 

19. Regarding claim 16, Alverson/Angelo discloses the method according to claim 1, 
wherein setting of at least one control value is performed either by setting said control value via 
an input port or by setting said control value from the first domain (Angelo col 7 line 56-58). 

20. Regarding claim 17, Alverson/Angelo discloses the method according to claim 16, said 
method comprising the fiirther step of blocking write access to said control value via said input 
port such that the step of setting said control value can henceforth only be performed by setting 
said control value from said first domain. 
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Note that the SMM signal, in some embodiments (Angelo see col 7 lines 56-58) does not 
require an input port. Consequently, these embodiments are considered to be blocked, leaving 
only modification from the first domain. 

2 1 . Regarding claim 1 8, Alverson/Angelo discloses the method according to claim 1 , 
wherein said first domain comprises a first user mode (Alverson col 1 lines 30 to 33) and a first 
privileged mode (Alverson col 2 lines 56-57) and the step of setting at least one control value in 
said first domain (Angelo col 8 lines 8-11), comprises setting said control value fi-om said first 
privileged mode. 

Note that a level of privilege will often be activated (Alverson) when the SMI handler 
routine is called (Angelo) 

22. Regarding claims 20-28, see claims 1-9. 

23. Regarding claim 29, Alverson/Angelo discloses the processor according to claim 20, 
wherein: said storage element is operable to contain a plurality of control values, each of said 
plurality of control values relating to a different condition (Angelo col 7 lines 57-58 and col 8 
lines 9-11); and said control logic is operable to only allow initiation of said monitoring logic in 
said first domain if any of said conditions are present if each of the control values related to a 
condition that is present indicate that the monitoring logic is allowable (Angelo col 7 lines 61- 
64). 

24. Regarding claim 30, Alverson/Angelo discloses the processor according to claim 29 
wherein one condition comprises a secure domain and a corresponding control value comprises a 
secure domain enable bit (Angelo col 7 line 61 to col 8 line 4) and a further condition comprises 
a secure user mode and a corresponding control value comprises a secure user mode enable bit 



Application/Control Number: 1 0/7 1 4,483 Page 9 

Art Unit: 2183 

(Alverson col 1 lines 30-33 — note that the secure user mode and secure mode of the domain are 
considered to be the same), said control logic being operable to initiate said monitoring logic 
from secure user mode only when said storage element contains both a secure user mode enable 
bit and a secure domain enable bit (Angelo col 7 line 61 to col 8 line 4). 

25 . Regarding claim 3 1 , Alverson/ Angelo discloses the processor according to claim 20, 
wherein: said storage element is further operable to contain a control indicator, said control 
indicator indicating that monitoring is only allowable for identified applications (see 
combination used in claim 12); and said control logic is operable to check at least one identifier 
identifying an application that is allowable (Angelo col 7 line 61-64), said control logic only 
initiating said monitoring logic in the first domain when said application currently running is one 
identified as being one for which monitoring is allowable (Angelo col 7 line 61 to col 8 line 4).. 

26. Regarding claim 32, Alverson/Angelo discloses the processor according to claim 3 1 , said 
processor comprising a further storage element, said storage element being operable to contain 
said at least one identifier specifying an application that is allowable (Alverson col 1 lines 37- 
38). 

27. Regarding claim 33, Alverson/Angelo discloses the processor according to claim 3 1 , 

wherein said monitoring logic is operable to monitor the processor and capture diagnostic data 
(Angelo col 7 liens 61-64); and wherein said control logic is operable to control the monitoring 
logic to suppress capturing of diagnostic data in said first domain when said control logic detects 
that said application running is not one identified as being allowable (Alverson col 1 lines 37- 
38). 
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Note that if the processing system hasn 't picked a particular application stream to run, 
then the monitoring of that application is considered to be suppressed. 

28. Regarding claim 34, Alverson/Angelo discloses the processor according to claim 20, said 
processor further comprising an input port, wherein said control value is operable to be set in 
said storage element either via the input port or via an input from said first domain (Angelo col 7 
line 56-58). 

29. Regarding claims 35-36, see claims 16-18, respectively. 

30. Regarding claims 38 and 39, Alverson/Angelo disclose the use of a register holding the 
storage elements. 

Note that according to the American Heritage College dictionary, a computer science 
definition of a register is "a part of a central processing unit used as a storage location." 

3 1 . Claims 9, 10, 19 and 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

Alverson/Angelo in view of common art. 

32. Regarding claim 9, Alverson/Angelo discloses the method according to claim 8, 
Alverson/Angelo discloses saving a portion of memory (Angelo col 7 lines 61-64). 

Angelo fails to particularly disclose that the information includes instruction traces. 

Examiner asserts that saving instruction traces is common in the art and can be utilized 
for many debugging purposes. Alverson/Angelo would have been motivated to utilize this 
technique to gather more debugging/security information for analysis. It would be further 
obvious to include a trace enable bit so the processor knows when to save instruction traces. 

33. Regarding claim 10, Alverson/Angelo discloses the method according to claim 9, 
wherein said secure domain enable value comprises a secure debug enable bit and a secure trace 
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enable bit, initiation of debug and trace in said secure domain only being allowable if respective 
portions of said secure domain enable value are set (see claim 9). 

34. Regarding claims 19 and 37, Alverson/Angelo discloses a method according to claim 16, 
wherein said first domain comprises a first user mode (Angelo col 1 lines 30-33) and a first 
privileged (Alverson col 2 lines 56-57) mode and said step of setting at least one control value in 
the first domain (Angelo col 8 lines 8-11), 

Examiner asserts that it would have been obvious to require a non-privileged mode, 
domain, etc. to require an authentication code before accessing the control value of a privileged 
domain. 

Examiner fiirther asserts that Angelo/Alverson desired to have a form of security 
(Alverson col 2 lines 56-57 and Angelo col 8 line 4) and would be motivated to utilize this 
technique. Additionally, Angelo col 7 lines 15-24 shows the use of an authorization code, 
generally. 

Response to Arguments 

35. Applicant's arguments filed 10/29/2009 have been fiiUy considered but they are not 
persuasive. 

36. Applicant argues that the control value of Angelo does not constitute a "mode" as 
claimed. Applicant supports this position by arguing that a control signal is not a "functioning 
arrangement or condition". The examiner respectfiiUy disagrees. If the control value holds a 
first value, the system fimctions in a first manner. If the control value holds a different value, the 



Application/Control Number: 1 0/7 1 4,483 Page 1 2 

Art Unit: 2183 

system functions in a different manner. The control signal clearly constitutes a "functioning 
arrangement or condition" in that it determines how the system functions. 

37. Applicant alleges that the examiner's rejection is inconsistent with the Board's 
interpretation of the prior art, but does not elaborate on this inconsistency. If applicant believes 
there is such an inconsistency, applicant should explicitly state on the record what that 
inconsistency is. Without such a statement, the examiner can not determine the validity of 
applicant's claim. 

38. Applicant has amended the claim to use the term "consisting" in place of "comprising". 
However, this change does nothing to overcome the Board's reasoning for upholding the 
rejection. That is, the elements of Angelo that the Board recites as anticipating the control value 
remain valid because they indicate a state, or mode, of the system. Applicant requests 
identification of what subject matter is being used to teach the claimed "condition". The 
examiner refers applicant to the reasoning outlined in the Board's decision, pages 7-10, for such 
identification. 

39. Applicant next alleges that there is a problem with the examiner's motivation for 
combining the references, but does not clarify what this problem is. The examiner's position is 
that the motivation remains valid as affirmed by the Board. 

40. Applicant requests supportive evidence that the use of instruction tracing mechanisms for 
debug purposes is common in the art. The examiner cites Bridges et al. (U.S. Patent 5,809,293) 
[col. 9, line 6 - col. 10, line 16 for a particular example] and Somasundaram et al. (U.S. Patent 
5,491,793) [abstract] as evidence that such subject matter is well known and understood in the 
art. 
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4 1 . The examiner has addressed all of applicant's arguments and found them to be 
unpersuasive. The rejections are therefore maintained. 

Conclusion 

42. THIS ACTION IS MADE FINAL. AppUcant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS fi-om the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Corey Faherty whose telephone number is (571)270-13 19. The 
examiner can normally be reached on weekdays between 7:00 and 4:30, with every other Friday 
off 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Eddie Chan can be reached on (571) 272 4162. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Eddie P Chan/ /Corey Faherty/ 

Supervisory Patent Examiner, Art Unit 2183 Examiner, Art Unit 2 1 83 



